After listening to customer feedback for the last couple of years, Vormetric has revamped its approach to storage security.

And according to at least one analyst, the result may just be the strongest offering available.

"I was not impressed with them a year or so ago, but they adjusted well to customer input and may have the best solution on the market right now," says Arun Taneja, founder and consulting analyst at The Taneja Group.

"They are solving the problem from the host onwards, rather than just for NAS or just for SAN, as is the case with Decru and NeoScale," Taneja told Enterprise Storage Forum. "Vormetric covers NAS, DAS, and SAN. In other words, they are solving the security problem at the core, versus periphery, which is covered by a slew of folks in the security business."

Vormetric says its CoreGuard 2.0 security system is designed to address security threats that cannot be addressed solely by perimeter security, such as unauthorized use of data, theft of proprietary information, worms and viruses, denial of service, and insider abuse of network access.

CoreGuard 2.0 couples high-speed encryption of data at rest with Vormetric's own Context-Aware Access Control, which grants access to sensitive data only after validation of five linked criteria: who is accessing data, what they are attempting to do with it, where the target data is stored, when access is attempted, and how the data is delivered (whether it is made available in viewable or encrypted form). And because Vormetric separates data viewability from data management, administrative functions such as backup can be performed without allowing data to be viewed.

Co-founders Duc Pham and Phil Grasso maintain their company is "not an inline encryptor" like Decru and NeoScale, but focuses instead on access control at the file system layer. The result, they say, is a guarantee of no unintended access to data, including data on removable disks and tapes, and protection for data online.

The Context-Aware Access Control technology allows access to sensitive data only by authenticated users and applications that are authorized to perform the requested operation on the targeted data at the time the operation is being attempted. System administrator access privileges are also controlled. Data at rest is encrypted in any storage environment, and specific vital elements of the host are also protected.

At the core of Vormetric's offering is standards-based selective encryption technology called MetaClear, which allows data to be viewed only if the requesting process has been permitted to do so by Context-Aware Access Control. A policy, for example, could permit an authorized human resources executive to access and view sensitive data, while the IT systems administrator could have access to perform normal administrative functions on the data without the ability to view it.

Unlike block encryption methods, MetaClear only encrypts actual file data, leaving file-system metadata in the clear. This eliminates the need to encrypt, decrypt, and re-encrypt data as it is being managed, while improving system efficiency and data security, according to the company.
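A toy model of the five-criteria check (who, what, where, when, how) and the view/manage split described above, added here as an illustration. It is not Vormetric's code or policy format; the rule fields, role names, paths and time windows are assumptions, and paths are assumed to be already canonicalized.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Rule:
    who: frozenset    # authenticated identities the rule covers
    what: frozenset   # permitted operations, e.g. "read", "write"
    where: str        # directory holding the protected data
    start: time       # "when": window start
    end: time         # "when": window end (may wrap past midnight)
    how: str          # "clear" = decrypted view, "encrypted" = ciphertext only

@dataclass(frozen=True)
class Request:
    who: str
    what: str
    where: str
    when: time

def in_window(t, start, end):
    # A window such as 22:00-04:00 wraps past midnight.
    return start <= t <= end if start <= end else (t >= start or t <= end)

def under(path, directory):
    # Match whole path components so /data/hr does not also cover /data/hr2.
    d = directory.rstrip("/")
    return path == d or path.startswith(d + "/")

def decide(rules, req):
    """Return "clear", "encrypted" or "deny"; first match wins, default deny."""
    for r in rules:
        if (req.who in r.who and req.what in r.what
                and under(req.where, r.where)
                and in_window(req.when, r.start, r.end)):
            return r.how
    return "deny"

# Constructed policy: HR may view records in business hours; the backup
# operator may read the same files overnight but only ever gets ciphertext.
POLICY = [
    Rule(frozenset({"hr_exec"}), frozenset({"read", "write"}),
         "/data/hr", time(8, 0), time(18, 0), "clear"),
    Rule(frozenset({"backup_admin"}), frozenset({"read"}),
         "/data/hr", time(22, 0), time(4, 0), "encrypted"),
]

if __name__ == "__main__":
    for who, when in [("hr_exec", time(10, 0)), ("backup_admin", time(23, 0)),
                      ("backup_admin", time(12, 0))]:
        print(who, when, decide(POLICY, Request(who, "read", "/data/hr/payroll.db", when)))
```

The default-deny fall-through is what makes the five criteria "linked": a request that fails any one of them gets no access, rather than a weaker form of it.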

CoreGuard 2.0 includes support for Windows 2000, Linux, and Solaris 8 and 9. The company says it also helps meet government requirements for data control and reporting by guarding data access and maintaining detailed records. Audit logs and real-time alarms can also be exported to event correlation engines for immediate remediation.

Pricing for CoreGuard 2.0 systems starts at $39,500 per appliance, with a minimum footprint of two CoreGuard appliances in a high-availability pair and Policy Enforcement Modules (PEMs) for each server that needs to access protected data targets. Additional servers can be brought into an existing core security domain for $1,500 to $2,500 per server (exact pricing depends on the number of CPUs per server and the operating system). Site licenses for PEMs are also available. Additional information on CoreGuard 2.0 is available from the Vormetric Web site, www.vormetric.com.